[OPENAM-13013] ScriptException in Device ID flow on re-authentication - ForgeRock JIRA

XML

Word

Printable

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 6.0.0
Fix Version/s: 6.0.0
Component/s: scripting
Labels:
- AME
- Must-Fix

Target Version/s:

6.0.0
Rank:
1|hzvvgn:

Needs backport:

No

Needs QA verification:

No
Functional tests:

No
Are the reproduction steps defined?:

Yes and I used the same an in the description

Description

Bug description

The following error is being seen in Core Debug once re-authenticating in a chain using DeviceID modules and Device ID match seems to fail.

org.forgerock.openam.scripting.ThreadPoolScriptEvaluator:04/27/2018 12:30:56:549 PM BST: Thread[http-nio-8080-exec-10,5,main]: TransactionId[7138dd7c-7591-42b4-8967-7765ce752362-178518]
ERROR: Script terminated with exception
java.util.concurrent.ExecutionException: javax.script.ScriptException: Can't find method java.util.HashMap.put(string,java.lang.Integer,number). (<Unknown source>#746) in <Unknown source> at line number 746 at column number 0
	at java.util.concurrent.FutureTask.report(FutureTask.java:122)
	at java.util.concurrent.FutureTask.get(FutureTask.java:192)
	at org.forgerock.openam.scripting.ThreadPoolScriptEvaluator.evaluateScript(ThreadPoolScriptEvaluator.java:84)
	at org.forgerock.openam.authentication.modules.scripted.Scripted.evaluateServerSideScript(Scripted.java:165)
	at org.forgerock.openam.authentication.modules.scripted.Scripted.process(Scripted.java:143)
	at com.sun.identity.authentication.spi.AMLoginModule.wrapProcess(AMLoginModule.java:1091)
	at com.sun.identity.authentication.spi.AMLoginModule.login(AMLoginModule.java:1289)
	at sun.reflect.GeneratedMethodAccessor92.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43

How to reproduce the issue

Latest build of AM:6.0.0 27th April

NB: I have upgraded from last RC build- not a clean install.

1. Setup a realm
2. Setup a chain in realm and set as default for that realm

DataStore (Requisite)
DeviceIdMatch (sufficient)
DeviceIdSave (Required/Requisite) to highlight failure

3. Login initially as demo: Save device profile

4. Logout and re-authenticate

Expected behaviour

Device ID Match module should be invoked : match and login should succeed.

Current behaviour

ScriptException is thrown in logs.

In my test case Device ID save also fails : potentially due to NPE when trying to fetch device profile

Work around

Node

Code analysis

Possibly related to https://bugster.forgerock.org/jira/browse/OPENAM-12226

There following was added to deviceidMatch-serverside.js script

HashMap selectedProfile = new HashMap();
selectedProfile.put("selectionCounter", java.lang.Integer.valueOf(parseInt(selectedProfile.get("selectionCounter")) + 1), 10);  <--
selectedProfile.put("lastSelectedDate", java.lang.Long.valueOf(new Date().getTime()));`

ALSO****

Navigating to Global Services -> Scripting -> Secondary Configurations -> AUTHENTICATION_SERVER_SIDE -> Secondary Configurations -> EngineConfiguration -> Java class whitelist throws "Not Found Error" in UI

Attachments

Activity

People

Assignee:: Rebecca Hayling [X] (Inactive)

Reporter:: Jonathan Thomas

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2018-04-27 12:51 PM

Updated:: 2018-05-01 2:07 PM

Resolved:: 2018-05-01 2:07 PM